[Whonix-devel] Efficacy of jitterentropy RNG on qemu-kvm Guests

procmem procmem at riseup.net
Fri Aug 3 05:28:53 CEST 2018


Hello. I'm a distro maintainer and was wondering about the efficacy of
entropy daemons like haveged and jitterentropyd in qemu-kvm. One of the
authors of haveged [0] pointed out if the hardware cycles counter is
emulated and deterministic, and thus predictible. He therefore does not
recommend using HAVEGE on those systems. Is this the case with KVM's
counters?

PS. I will be setting VM CPU settings to host-passthrough.

Bonus: Also if anyone knows the answer to this question about Xen please
let me know because its the other main platform we support and they
don't have the luxury of virtio-rng in PVH mode.

Thanks.

[0]
https://github.com/BetterCrypto/Applied-Crypto-Hardening/commit/cf7cef7a870c1b77089b1bd6209ded6525b5a4e0#commitcomment-23006392


More information about the Whonix-devel mailing list